Information for authorities
AGOV, Definition
The AGOV project of Digital Public Services Switzerland (DPSS) implements the authentication service of the Swiss authorities in accordance with the Federal Act on the Use of Electronic Means to Carry Out Official Tasks (EMOTA). AGOV offers native electronic identities, which are registered in the end users' self-service area in AGOV, as well as optional strong identity verification procedures with identity document validation. AGOV federates the Swiss e-ID, which can be used as an autonomous credential in AGOV for login processes. AGOV is available to all administrative levels in Switzerland (communes, cantons, federal government, EMOTA-compatible public-private entities). AGOV replaces the Federal Administration's CH-LOGIN. It, too, is operated by the FOITT, is managed by the FCh DTI, and is an integral part of the identity and access management standard service.
What added value does the use of AGOV bring for authorities?
Using AGOV has numerous advantages for authorities. As well as high security and seamless interoperability between all participating authorities, AGOV provides cost efficiency, because there is no need to operate any additional identity providers; also included is the 24/7 operational organisation with rapid response times in the event of disruptions. Moreover, there is a focus on forward and backward technical compatibility, and on a wide variety of usage options for end users.
AGOV integrates seamlessly with target applications via the SAML and OIDC federation protocols, which are regarded as the industry standard worldwide. When the e-ID is used via AGOV, it is converted into a classic SAML/OIDC authentication token. As a result, there is no need to modify the target systems (further technical details available at: https://agov.ch/mod).
In addition, end users can log in using the AGOV access app, so that people without an e-ID can also use it.
Connect public service applications to AGOV
→ For the connection request and procedure, see https://work.agov.ch?c=aar
(Accessible via the AGOV login, which is linked to your business email address)
All Swiss public service applications can use AGOV as an exclusive or complementary login method. For third-party applications that are used to access public services, connection to AGOV is possible if the legal basis (EMBAG) is applicable.
Target applications can be connected to AGOV directly, or the intermediary IAM systems to which the target applications are linked can be connected to AGOV. The second option has the advantage that connection costs are reduced and the intermediary IAM system can create an SSO domain across its target applications. AGOV itself does not create SSO domains.
You can choose to connect via either the OIDC or the SAML federation protocol. The connections can be set up by authorities or their suppliers in a self-service procedure in the AGOV connect portal. Connection attempts are made directly in the AGOV production environment; there is no need to use a sandbox. If there are a number of stages at the target end, these can all be connected to the AGOV production environment. AGOV itself does not provide stages.
Interested authorities should contact Digital Public Services Switzerland (DPSS). As a basis for connection, an agreement is concluded between the target authority (e.g. canton) and the Federal Chancellery's Digital Transformation and ICT Steering Sector (DTI). Administrative units of the central Federal Administration should use AGOV via eIAM (usage obligation), in the same way as the current CH-LOGIN, which will be replaced by AGOV. The decentralised Federal Administration can choose to use AGOV via eIAM or AGOV directly.
Documentation (specification, release notes, etc.)
The AGOV documentation, including the IdP interface specification, as well as a discussion forum for Swiss authorities and their suppliers, are available in the closed user group. Access is provided via the AGOV login, which is linked to your business email address.
AGOV, explanatory videos for Swiss authorities
Video 1: AGOV - Functionality and architecture
Video 2: AGOV - login, registration, recovery scheme
Video 3: AGOV - support concept
Video 4: AGOV - Skills required for support
In the video, the AGOV QR code cannot be scanned using the camera app. This has since become possible in many cases, but it is not recommended. The camera app option for AGOV may be deactivated in the future (see FAQ 4.6).
Video 5: Use of the e-ID with AGOV
This video shows how the Swiss state e-ID can be used directly as a login factor via the authentication service of the Swiss authorities AGOV.